Mercurial > hg > nginx
diff src/http/modules/ngx_http_geo_module.c @ 4972:8b635cf36ccc
Added checks that disallow adding a variable with an empty name.
Added variable name syntax checks to "geo" and "map" directives.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Mon, 17 Dec 2012 19:03:33 +0000 |
parents | 90d8c3400769 |
children | 76dacc97f23c |
line wrap: on
line diff
--- a/src/http/modules/ngx_http_geo_module.c +++ b/src/http/modules/ngx_http_geo_module.c @@ -325,7 +325,7 @@ ngx_http_geo_block(ngx_conf_t *cf, ngx_c name = value[1]; - if (name.len < 2 || name.data[0] != '$') { + if (name.data[0] != '$') { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid variable name \"%V\"", &name); return NGX_CONF_ERROR; @@ -342,6 +342,13 @@ ngx_http_geo_block(ngx_conf_t *cf, ngx_c } name = value[2]; + + if (name.data[0] != '$') { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid variable name \"%V\"", &name); + return NGX_CONF_ERROR; + } + name.len--; name.data++;